Re: Remove password

jonathon Tue, 24 Mar 2015 11:18:50 -0700

On 24/03/15 10:13, Elif Doğalı wrote:

> I have open office and I save my word document with setting a password but,


Word?  That is an MS File Format.  I didn't know LibO could save
password protected MSO file formats.

>I forget it. How could I remove the password and open my document?

If you meant Write, then:

LibO 3.4.5 and lower can write files whose password protection relies on
Blowfish;
LibO 3.4.4 and lower can read files whose password protection relies on
Blowfish;
LibO 3.4.5 and higher can read files whose password protection relies on
AES-256;
LibO 3.5.0 and higher can write files whose password protection relies
on AES-256;

OpenOffice.org 3.3 and lower can read/write files  whose password
protection relies on SHA1/Blowfish;
Apache OpenOffice 3.4 and higher can read/write files whose password
protection relies on SHA256 / AES;

https://wiki.openoffice.org/wiki/User:TJFrazier/Encryption contains a
transitional macro for AOo 3.4, to read SHA1/Blowfish encrypted documents.

The Crypto++ library contains routines for encrypting/decrypting
blowfish, AES-256, and other algorithms for ciphers.

http://sourceforge.net/projects/ooomacros/files/PasswordCracker/
is an OOo extension/macro that brute forces passwords.
It was last updated in 2005, so it won't work with LibO 3.5.0, and
higher, or AOo 3.4 and higher. I noticed that SourceForge didn't offer
"Code" on the project components line, so source code might not be
available.

http://archive09.linux.com/articles/61635 is an article from 2007 on
breaking documents encrypted with OOo.

http://ringlord.com/dl/Decrypting%20ODF%20Files.pdf is an in-depth
explanation of how to decrypt ODF File Format files.

One of the commercially distributed password recovery tools claims that
the estimated time to recover a password are:
* 5 characters: 28 minutes;
* 6 characters: 44 hours;
* 7 characters: 174 days;
* 8 characters: 45 years;
I'm assuming the normal stupid password selection process that is
typically used.

At 10,000 passwords per second, brute force for the 192 ASCII set of glyphs:
(This is run of the mill equipment.)

2       1.84    seconds;
3       5.90    minutes;
4       0.786   days;
5       21.57   weeks;
6       79.65   years;
7       1.53E+004       years;
8       2.94E+006       years;
9       5.64E+008       years;
10      1.08E+011       years;
11      2.08E+013       years;
12      3.99E+015       years;
13      7.66E+017       years;
14      1.47E+020       years;
15      2.82E+022       years;
16      5.42E+024       years;
17      1.04E+027       years;
18      2.00E+029       years;
19      3.84E+031       years;
20      7.37E+033       years;

At 1,000,000,000 passwords per second, brute force for the 192 ASCII set
of glyphs:
(This is COTS hardware, albeit optimized for this specific task.)

2       0.00    seconds;
3       0.00    seconds;
4       0.68    seconds;
5       130.46  seconds;
6       6.96    hours;
7       55.66   days;
8       29.36   years;
9       5.64E+003       years;
10      1.08E+006       years;
11      2.08E+008       years;
12      3.99E+010       years;
13      7.66E+012       years;
14      1.47E+015       years;
15      2.82E+017       years;
16      5.42E+019       years;
17      1.04E+022       years;
18      2.00E+024       years;
19      3.84E+026       years;
20      7.37E+028       years;

At 1,000,000,000 passwords per second, brute force for the 65536 Unicode
Base Plane set of glyphs:
(This uses COTS hardware, albeit optimized for this specific task.)

2       2.15    seconds;
3       39.09   hours;
4       293.27  years;
5       1.92E+007       years;
6       1.26E+012       years;
7       8.25E+016       years;
8       5.41E+021       years;
9       3.55E+026       years;
10      2.32E+031       years;
11      1.52E+036       years;
12      9.98E+040       years;
13      6.54E+045       years;
14      4.29E+050       years;
15      2.81E+055       years;
16      1.84E+060       years;
17      1.21E+065       years;
18      7.91E+069       years;
19      5.18E+074       years;
20      3.40E+079       years;

At 10,000,000,000 passwords per second, brute force for the 65536
Unicode Base Plane set of glyphs:
(This uses COTS hardware, albeit somewhat specialized, and optimized for
this specific task.)

2       0.21    seconds;
3       3.91    hours;
4       29.33   years;
5       1.92E+006       years;
6       1.26E+011       years;
7       8.25E+015       years;
8       5.41E+020       years;
9       3.55E+025       years;
10      2.32E+030       years;
11      1.52E+035       years;
12      9.98E+039       years;
13      6.54E+044       years;
14      4.29E+049       years;
15      2.81E+054       years;
16      1.84E+059       years;
17      1.21E+064       years;
18      7.91E+068       years;
19      5.18E+073       years;
20      3.40E+078       years;

Various things that can speed up the decryption time:
* Knowing some, or all of the password;
* Using good wordlists and known mangling patterns;
* Throwing more hardware at the password;

jonathon

signature.asc
Description: OpenPGP digital signature

Re: Remove password

Reply via email to